Data risk & privacy

Many companies have a glaring weakness: they do not know what data they have, how it should be used or how well decision-makers can trust it. Sixty percent are not even sure that they have identified their most valuable and sensitive digital assets.

Discovering all your data will take time -- and requires a suite of tools and skills: consistent taxonomies, standards and controls, supported by experts in risk, privacy and compliance. With the help of digital command and control centers, over time you can develop a single source of truth for your data inventory. You will be able to separate the high-value data you need from the low-value data that clutters up your systems. You will be able to map data flow and lineage, and classify and tag data for easier, more trusted use with artificial intelligence and other emerging technologies.

How do you protect data while simultaneously enhancing its value? Put business experts together with risk, security, privacy and compliance experts. Then let them look at the same data, with the same standards and taxonomies.

As cyberthreats accelerate, companies will need to continually assess gaps, train employees (especially those working remotely) on cybersafety, monitor third parties and implement security and privacy by design in new products and services. That requires data-driven cyber risk management: key performance indicators and key risk indicators for technology solutions. Both the business and top leadership can then quickly assess their security capabilities and proceed with trust in their data and technology.

If your company has any unsecured or unreliable data — and unless it’s brand-new, it almost certainly does — that data is a source of risk: both the risk of bad decisions and the risk of malicious actors accessing sensitive information.

Companies must minimize that risk by minimizing the target. They must govern, discover and protect the data they need, and only the data they need — and eliminate the rest. Drafts, duplicates, superseded data, legacy data and employee personal data are common candidates for elimination. Low-value data not only creates unnecessary risk — its presence makes it harder to locate and use the high-value data that you need.

Privacy has evolved into a front-page consideration for organizations, as companies grapple with questions ranging from individual employee health status to consumers’ perception of customer data and how it is used. And as privacy regulations like the California Privacy Rights Act and the General Data Protection Regulation expand in scope and number, privacy compliance is only becoming a bigger concern and potential risk. 

Your privacy team should work hand in hand with your information governance team to ensure that both employee and customer data is handled ethically and in accord with regulations. Strategically, your privacy program can be folded into your overall Information Governance program to enhance customer and stakeholder trust.